GitHub has a massive, ongoing problem with SEO optimized malware repositories. Threat actors routinely use fake stars, forks, and automated commits to push malicious 'desktop clients' to the top of search results
So I read the post, the dataset was inert until someone trained on it; he left it up specifically to see how long it would take anyone to notice and in practice no one did.